Shellshock Bash Bug: What Threat does it pose to Businesses?

An estimated 500 million machines are vulnerable to the recently discovered Shellshock Bash Bug, which has been claimed to be more serious than the infamous Heartbleed bug from April 2014.

What is the Shellshock Bash Bug?

This new bug, nicknamed Shellshock, has been found by software company Red Hat. The bug sits in a software component known as Bash, which features on Unix systems, on which Linux and Apple OS X are based. Essentially, it is a coding mistake that allows hackers to send commands without having the administrative status required.

Bash is a command-line shell in Unix, allowing users to launch applications with text commands. An example of this is launching the Terminal in Mac OS X. However, this security flaw means that hackers can gain unauthorised remote access to servers and machines.

Many web servers use the Apache system, utilising the Bash component. Bash was released way back in 1989, and the vulnerability has only just been unearthed, meaning that systems have theoretically been open to attack for 25 years.

What threat does Shellshock pose?

The Shellshock Bug allows the remote control of any system which utilises Bash, which could cause serious problems for the machines or servers concerned.

Heartbleed could only expose a random portion of data, which could often be useless. However, Shellshock allows direct remote access to the system. 500,000 machines were thought to be vulnerable to Heartbleed, which now pales in comparison to the 500 million reported to be vulnerable to access via the Shellshock Bug.

The bug allows hackers access to servers, where they can change and deface websites, as well as steal user data. Aside from this, home computers and embedded devices are also at risk. The risk is all the more severe because the Bash bug is deemed a fairly simple software vulnerability for hackers to make use of.

On top of this, what can be achieved is significantly dangerous. Hackers could potentially take over the operating system, steal confidential information, and make a host of changes to machines around the globe.

Theoretically, financial details could be stolen via routers and modems to gain access to PCs. Banks or online retailers using mainframe computing systems could also be at risk.

What should I do next?

If you are running Windows Server, then you are not vulnerable to the bug, as the Bash tool is not installed.

Otherwise, there are patches available for certain systems, which system administrators can apply immediately. However, early claims suggest these do not fully secure the systems at risk.

If you are using a system which makes use of Bash, then your first step should be to immediately deploy the patch, to ensure you are protected. If there isn’t a patch for your system, then you will need to stay alert, and wait for companies such as Apple to develop the relevant patches and updates for vulnerable systems. Malicious software exploiting the bug has already begun to appear online, so it’s not something to take lightly.

Servers appear to be more at risk than personal computers, and so security professionals are the ones who will need to implement solutions.
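To confirm that a patch has actually taken effect, an administrator can test each installed Bash binary locally. The script below is an added example, not part of the original article; it relies on the publicly documented behaviour of unpatched Bash, which runs text placed after a function definition in an environment variable, and it only covers that originally disclosed behaviour. The function names and the marker string are invented for this example.

```shell
#!/bin/sh
# Added example: local check for the originally disclosed Shellshock behaviour.
# check_bash, scan_bash_binaries and the marker are names made up for this example.

# check_bash [PATH] prints: vulnerable | patched | not-found
# Exit status: 1 = vulnerable, 0 = patched, 2 = binary not found.
check_bash() (
    bin="${1:-$(command -v bash)}"
    if [ -z "$bin" ] || [ ! -f "$bin" ] || [ ! -x "$bin" ]; then
        echo "not-found"; exit 2
    fi
    marker="BASHCHECK_MARKER_$$"
    # Harmless probe: a function-definition-shaped value followed by an echo.
    # A patched Bash ignores the trailing text; an unpatched one prints the marker.
    # env -i gives the child a clean environment so nothing else interferes.
    out="$(env -i probe="() { :; }; echo $marker" "$bin" -c 'true' 2>/dev/null)"
    case "$out" in
        *"$marker"*) echo "vulnerable"; exit 1 ;;
        *)           echo "patched";    exit 0 ;;
    esac
)

# Check the bash on PATH plus every bash listed in /etc/shells.
# Returns 1 if any candidate is not reported as patched.
scan_bash_binaries() (
    rc=0
    for bin in $( { command -v bash; grep -s '/bash$' /etc/shells; } | sort -u ); do
        result="$(check_bash "$bin")" || rc=1
        printf '%-12s %s\n' "$result" "$bin"
    done
    exit "$rc"
)

scan_bash_binaries || echo "At least one Bash binary still needs patching."
```

Run it again after every package update, since a system can carry more than one copy of Bash.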

Currently, there is very little that can be done to protect against the security flaw. It’s recommended to avoid using credit cards online for the next few days, which could be a blow to ecommerce retailers. Anti-virus software will need to be updated, and general precautions still stand.

If you have any other questions or concerns about the Shellshock Bug, or any other issues, then do get in touch with the team at Xanthos, who will be more than happy to help.